grc 10 training

76
GRC 10 ONLINE TRAINING [email protected] USA: +1-908-366-7933 India: +91-9550645679 Skype : keylabstraining www.keylabstraining.com

Upload: suresh-keylabs

Post on 06-May-2015

8.912 views

Category:

Education


2 download

DESCRIPTION

SAP GRC 10 online Training at keylabs is result oriented training. Keylabs has SAP Certified consultants to provide SAP online Training on SAP All modules. Contact: US: +1-908-366-7933 , India: +91-9550645679 , [email protected], Skype :keylabstraining

TRANSCRIPT

Page 1: Grc 10 training

www.keylabstraining.com

GRC 10 ONLINE TRAINING

[email protected]: +1-908-366-7933India: +91-9550645679Skype : keylabstraining

Page 2: Grc 10 training

www.keylabstraining.com

ACCESS CONTROL 10.0: INTRODUCTION

Access Control 10.0: IntroductionSAP BusinessObjects Access Control is an enterprise software application

that enables organizations to control access and prevent fraud across the enterprise, while minimizing the time and cost of compliance.

The application streamlines compliance processes, including access risk analysis and remediation, business role management, access request management, superuser maintenance, and periodic compliance certifications. It delivers immediate visibility of the current risk situation with real-time data.

Access Control 10.0 is part of newly released SAP Governance Risk & Compliance (GRC) 10.0 which also comprised of Process control 10.0, Risk Management 10.0 and Global Trade Services.

The greatest value in GRC 10.0 is the Harmonization of Access Control, Process Control and Risk

management which ultimately results in shared processes, data and user interface with reduction in redundancy.

Page 3: Grc 10 training

www.keylabstraining.com

ACCESS CONTROL 10.0: LANDSCAPE

Page 4: Grc 10 training

www.keylabstraining.com

Front end:The front-end needs a web browser or (optionally) a client installation of the NetWeaver Business ClientThe web browser can be used to access the embedded NWBC or GRC via the NetWeaver PortalThe Adobe flash player 10 is used for displaying dashboards e.g. RM heat mapOverview of SAP BusinessObjects Access Control 10.0SAPGUI 7.10 PL 15 or higher is required for administration or customizing tasks –note that SAPGUI 7.20 is recommended due to the end-of-maintenance of SAPGUI 7.10The Crystal Reports Adapter (CRA) is required for viewing (GRC) Crystal Reports.

Page 5: Grc 10 training

www.keylabstraining.com

Portal:The NetWeaver Portal 7.02 can be used optionallyThe GRC Portal Content contains the GRC Portal UI elements to access the GRC suiteThe Portal’s AS Java can contain an Adobe Document Services instance, in effect Portal and ADS may be shared on one AS Java instanceERP and Non SAP Business Applications:The GRC solutions can communicate with SAP ERP and non-SAP business applications via plug-insNW Function Modules hold the AC functions for ERP systems without HR (former non-HR RTA)PC relevant features are contained in the plug-in GRCPIERP, for example, for running automated controls and the HR relevant functions for AC (former HR RTA)GTS functions are part of the SLL-PI plug-in, for example, for GTS integration into the Logistics, HR, FI/CO and/or HCM processes in SAP ERPNon-SAP ERP systems can also be connected via adapters from an SAP Partner company

Page 6: Grc 10 training

www.keylabstraining.com

BI Content:NetWeaver BW can be used for reporting via the GRC BI ContentThe GRC BI Content is part of BI Content 7.06NetWeaver BW 7.02 is used for the GRC BI Content.Identity Management:AC can be integrated bi-directionally to IdM solutions for provisioning and risk analysisNetWeaver IdM7.2 is required for integrating with AC 10.0

Adobe Document Services:An instance of Adobe Document Services (ADS) should be accessible from the GRC AS ABAP for generating offline forms .Although it is technically optional, it is highly recommended for generating PDF reportsThese ADS can be an existing instance and can also be shared with other applicationsThe Portal’s AS Java can contain an Adobe Document Services instance, so Portal and ADS may be shared on one AS Java instance.

Page 7: Grc 10 training

www.keylabstraining.com

NEW AND ENHANCED FEATURES:

1) Enhanced Visualization and Streamlined Navigation – This enhancement provides a common look and feel with configurable role-based user access for GRC functions from the SAP Portal or SAP

NetWeaver Business Client (NWBC). Streamlined user navigation with shared work centers emphasizes function rather than component. This significantly reduces duplication of menu items

(e.g., one inbox, not three) and makes possible sharing of data and functions. Menu items seen by the individual user within each work center is controlled by the user’s GRC role(s). This also enables

data shared across components to be viewed differently by different users

Page 8: Grc 10 training

www.keylabstraining.com

NEW AND ENHANCED FEATURES:

Improved Reporting – GRC reporting leverages the Business Suite ABAP List Viewer (ALV) –

Crystal integration framework to present and personalize ABAP (WebDynpro) reports and convert into Crystal reports. This lowers the TCO and extends the benefits of Crystal without the need for a separate BOE server. It also reduces the time spent by business users on reporting needs. Custom Crystal reports with embedded graphics can also be created easily with Crystal Designer.

Page 9: Grc 10 training

www.keylabstraining.com

SEPARATION OF DUTIES 

Separation of duties (SoD) is the concept of having more than one person required to complete a task. In business the separation by sharing of more than one individual in one single task shall prevent from fraud and error. The concept is alternatively called segregation of duties

Page 10: Grc 10 training

www.keylabstraining.com

SOD RISK MANAGEMENT PROCESS OVERVIEW SAP has developed a three-phase approach

to risk management. By applying this method, it is possible to implement a process for segregation of duties (SoD) risk management.The process begins by defining the risks, and building and validating rules.

Page 11: Grc 10 training

www.keylabstraining.com

SOD RISK MANAGEMENT PROCESS OVERVIEW

Page 12: Grc 10 training

www.keylabstraining.com

Segregation of Duties and Critical Actions:In a Sarbanes Oxley Act regulated environment, business need to define their access controls based on segregation of duties (SoD). In some cases, it is challenging to define SoDs because in many cases, processes are shared among business areas. Below are examples of risks in non-segregated duties

Page 13: Grc 10 training

www.keylabstraining.com

Rule Building and Validation :After risk recognition, the second step in Phase One of the SoD Risk Management process is Rule Building and Validation.

Page 14: Grc 10 training

www.keylabstraining.com

Page 15: Grc 10 training

www.keylabstraining.com

Rule Building Process:Rules include risks, functions, and business processes. The main components of the rule building process are shown below. Access Control automatically generates the rules as permutations of the different actions and permissions derived from the combined functions.

Page 16: Grc 10 training

www.keylabstraining.com

Functions:Functions include specific actions commonly used for a job role or set of tasks, for example Maintain General Ledger Master Records or Post Journal Entry. Authorization to perform certain combinations of functions results in a risk.

Page 17: Grc 10 training

www.keylabstraining.com

Rule Structure:Actions and permissions combine to form functions. Functions in certain combinations result in a risk. Risks are associated with business processes and all the components come together to form rules. Rules are collected in a rule set.

Page 18: Grc 10 training

www.keylabstraining.com

PHASE TWO OVERVIEW

The purpose of this phase is to provide business process analysts and business process owners with alternatives for correcting or eliminating risk.Risk AnalysisDuring Risk Analysis, perform a security analysis to identify risks for:Simple rolesComposite rolesUsers

Review the roles to determine how certain personnel might be restricted from performing undesired activities by checking:ObjectsFieldsValues

Page 19: Grc 10 training

www.keylabstraining.com

PHASE 2 FIGURE

Page 20: Grc 10 training

www.keylabstraining.com

RISK REMEDIATION OVERVIEW

The purpose of the remediation phase is to determine alternatives for eliminating issues in roles. The recommended approach is to resolve issues in the following order:Single rolesThis is the simplest place to startPrevents SoD violations from being reintroducedComposite rolesUsersRisk RemediationUse a simulation to perform a "what if" analysis on the assignment or removal of user actionsUse the Management view or Risk Analysis reports for analysisSecurity Administrators should document the planBusiness Process Owners should be involved and approve the planSimulationSimulation allows you to preview the result of changes to roles and user actions to see if your changes create new risk situations before implementing them Decide whether to add or remove a value

Page 21: Grc 10 training

www.keylabstraining.com

MITIGATION CONTROLS

Page 22: Grc 10 training

www.keylabstraining.com

EXAMPLES OF MITIGATION CONTROLS

Examples of Mitigation ControlsReview of strategies and authorization limitsReview of user logsReview of exception reportsDetailed variance analysisEstablish insurance to cover impact of a security incidentTypes of Mitigation ControlsPreventative Controls: minimize the likelihood or impact of a risk before it actually occursDetective Controls: alert when a risk takes place and enable the responsible person to initiate corrective measuresBest Practices

Segregate creation and approval from assignmentUse mitigation as a last resort for exceptions left over from remediation efforts that have legitimate business reasons to not use SoD controls

Page 23: Grc 10 training

www.keylabstraining.com

CONTINUOUS COMPLIANCE

Page 24: Grc 10 training

www.keylabstraining.com

THE GRC ARCHITECTURE

GRC solutions share a common technology platform and can be installed on a single NetWeaver ABAP system.

Page 25: Grc 10 training

www.keylabstraining.com

GRC COMPONENTS

ComponentsGRC 10.0 runs on AS ABAP 7.02 SP6 or higher. The installation components are broken out as follows:Access Control, Process Control, and Risk Management are contained in one ABAP add-on GRCFND_AGlobal Trade Services resides in a separate add-on SLL-LEG

Nota Fiscal Eletronica has its own add-on SLL-NFEContent Lifecycle Management (CLM) contains functions for transporting GRC business data, for example, Access Control rules or Process Control controls. CLM has the same version requirements as the GRC 10.0 solution and is installed during the GRC installation. CLM can be disabled if not required.GRC customizing is transported using the standard ABAP transport system.

Page 26: Grc 10 training

www.keylabstraining.com

ACCESS CONTROL 10.0 ARCHITECTURE

NetWeaver ABAP is the underlying platform

Harmonized with the other GRC 10.0 applicationsLeverages existing NWABAP investments:Role comparison at Action or Permission levelComparison between roles within Access ControlHarmonization with Process Control and Risk Management allows users to leverage master data

Page 27: Grc 10 training

www.keylabstraining.com

ACCESS CONTROL ARCHITECTURE COMPONENTS

Access Control constitutes a set of core components:

Access Risk Analysis and Management

Compliance Certification Review

Role Management

Role Mining

Superuser Access Management

Access Control Repository

Page 28: Grc 10 training

www.keylabstraining.com

GRC COMMON COMPONENTS

Access Control uses a set of GRC common components as part of the harmonization of the GRC suite. These components are also available to Process Control and Risk Management:

GRC Master Data

Workflow

Reports and Dashboards

Page 29: Grc 10 training

www.keylabstraining.com

NETWEAVER COMPONENTS

Access Control uses ABAP Web Dynpro as the user interface or UI technology.

The GRC solution can be presented to end users by using either NWBC (NetWeaver Business Client) or through the use of SAP Portal.

Configuration for Access Control is executed using the SAP IMG via the SAP GUI, which is common across the GRC suite.

Access Control connects to SAP and non-SAP systems with adapter or IdM systems using the integration framework.

The ABAP database is the common repository for all Access Control data.

Page 30: Grc 10 training

www.keylabstraining.com

Page 31: Grc 10 training

www.keylabstraining.com

SECURITY AND AUTHORIZATIONS

You are planning a solution and must be able to explain object-level security, authorization requirements, and identify delivered roles and security objects.Object-Level Security

Object-Level Security gives you the ability to limit access for end users to what they need to see at a granular level. you can limit access by function, risk, user, or anyother authorization objects available within role maintenance.

Page 32: Grc 10 training

www.keylabstraining.com

AuthorizationsTo configure the IMG, you need:

PFCG role(s) relative to specific components to be configured

PFCG role(s) sufficient to configure SAP workflow and other non-GRC technologies

PFCG role(s) on GRC and non-GRC systems to set up Continuous Monitoring

To access GRC 10.0 solutions, you must have at least the following:

Portal authorization or NWBC authorization

Applicable PFCG base roles

Page 33: Grc 10 training

www.keylabstraining.com

PFCG role(s) relative to specific components (AC, PC, RM) to be used

Using Access Control with GRC Solutions

If you use Access Control with other GRC solutions, you can leverage this functionality to:

Manage PFCG roles used with GRC

Create GRC users

Assign GRC PFCG roles to users

Perform SoD analysis for PFCG role authorizations

Assignment of entity-level authorization (via application role assignment) and ticket-based authorization (via substitution or transfer) must be done in the respective component.

Page 34: Grc 10 training

www.keylabstraining.com

INSTALLATION Installation Prerequisites –ServerNetWeaver AS ABAP 7.02 SP6 or higher

Installation Prerequisites –Back-endFor ERP systems that will install Access Control Plug-In the following prerequisites must be met:For SAP ERP system 4.6C, the system must be at SAP_BASIS Support Pack 55 For SAP ERP 4.70 system, the system must be at SAP_BASIS Support Pack 63 For ERP 2004 system, the system must be at SAP BasisSupport Pack 18 For ERP 6.0 system, the system must be at SAP_BASIS Support Pack 13 For NetWeaver systems that will install Access Control Plug-In the following prerequisites must be met:For SAP Basis 4.6C, the system must be at SAP_BASIS Support Pack 55 For NW 6.20 system, the system must be at SAP_BASIS Support Pack 63 For NW 6.40 system, the system must be at SAP_BASIS Support Pack 18 For NW 7.00 system, the system must be at SAP_BASIS Support Pack 13 For NW 7.01, the system must be at SAP_BASIS Support Pack 02For NW 7.02, the system must be at SAP_BASIS Support Pack 01 For SAP Basis 710 system, the system must be at SAP_BASIS Support Pack 04

Page 35: Grc 10 training

www.keylabstraining.com

WHERE TO OBTAIN THE GRC 10.0 SOFTWARE

http://service.sap.com/swdc

Page 36: Grc 10 training

www.keylabstraining.com

CONTENT OF THE INSTALLATION ZIP

Page 37: Grc 10 training

www.keylabstraining.com

ACCESS CONTROL INSTALLATION NOTES

Installation NotesSAP Note 1490996: Install SAP GRC Access Control 10.0 on SAP NW 7.02 SAP Note 1500168: Install SAP GRC Access Control 10.0 Plug-In on SAP BASIS 46C NW SAP Note 1497971: Install SAP GRC Access Control 10.0 Plug-In on SAP BASIS 620 NW SAP Note 1501882: Install SAP GRC Access Control 10.0 Plug-In on SAP BASIS 640 NW SAP Note 1500689: Install SAP GRC Access Control 10.0 Plug-In on SAP BASIS 700 NW SAP Note 1503749:Install SAP GRC Access Control 10.0 Plug-In on SAP BASIS 710 NW SAP Note 1500169: Install SAP GRC Access Control 10.0 Plug-In on SAP BASIS 46C ERP SAP Note 1497972: Install SAP GRC Access Control 10.0 Plug-In on SAP BASIS 620 ERP SAP Note 1501880: Install SAP GRC Access Control 10.0 Plug-In on SAP BASIS 640 ERP SAP Note 1500690: Install SAP GRC Access Control 10.0 Plug-In on SAP BASIS 700 ERP

Page 38: Grc 10 training

www.keylabstraining.com

INSTALLATION OF MAIN COMPONENTS OFAC/PC/RM 10.0

General Steps:1.Main installation components:GRCFND_A2.Download the installation packages from Service Marketplace3.Install with the transaction SAINT4.Follow the detailed instructions from the SAP Note 14909965.Apply the most recent Support Packages

Page 39: Grc 10 training

INSTALLATION OF PLUG-IN FOR AC/PC 10.0 ON ERP

www.keylabstraining.com

General Steps:1.Main installation components:GRCPINWGRCPIERP2.Download the installation packages from SMP3.Install with the transaction SAINT4.Follow the detailed instructions from the SAP Notes 1500689 and 15006905.Apply the necessary Support Packages if there is any

Note: Plug-Ins vary depending on back end ERP system.

Attention:The AC 10.0 plug-ins will upgrade any existing RTA from previous AC releases. This means that any AC instance on running 5.X will stop working after the plug-ins are installed.

Page 40: Grc 10 training

www.keylabstraining.com

GRC 10.0 POST-INSTALLATION

1.Client Copy2.Activating Applications in Client3.Check SAP ICF Services4.Activating BC Sets5.Creating the Initial User in the ABAP System6.Activate Profile of Roles Delivered by SAP7.Activate Common Workflow

Page 41: Grc 10 training

www.keylabstraining.com

CLIENT COPY

T-code which starts from SCC*

1. Choose Administration --> System administration --> Administration >Client admin.>Client Copy-->Local Copy. 2.      Select a copy profile. 3.      Enter the source client. click the tick mark it will take some time .... you can refer the link  below http://help.sap.com/printdocu/core/print46c/en/data/pdf/bcctscco/bcctscco.pdf

Page 42: Grc 10 training

www.keylabstraining.com

ACTIVATING APPLICATIONS IN CLIENT

Call the customizing with transaction SPROChoose SAP Reference IMGExpand the Governance, Risk and Compliance > General Settings node and choose Activate Applications in Client

Choose New Entries

Page 43: Grc 10 training

www.keylabstraining.com

ACTIVATING APPLICATIONS IN CLIENT

Click the first row and select the GRC solution(s) required for your projectThen choose the ActivecheckboxClick SaveNote: you may have to create a transport requestEXAMPLE IS OF GRC –PC,YOU MAY NEED AC IF YOU NEED ONLY ACCCESS CONTROL

Page 44: Grc 10 training

www.keylabstraining.com

CHECK SAP ICF SERVICES

Call transaction SICFClick the Execute icon

Page 45: Grc 10 training

www.keylabstraining.com

CHECK SAP ICF SERVICES

Expand the node default_host-> sap -> publicRight click publicand choose Activate ServiceChoose Activate Service for all sub-nodes

Page 46: Grc 10 training

www.keylabstraining.com

CHECK SAP ICF SERVICES

Proceed likewise with the node default_host-> sap -> bcActivate all sub-nodes too

Page 47: Grc 10 training

www.keylabstraining.com

CHECK SAP ICF SERVICES

Now activate the node default_host-> sap -> grcAlso activate all sub-nodes

Page 48: Grc 10 training

www.keylabstraining.com

ACTIVATING BC SETS

Call transaction SPRO againClick SAP Reference IMGClick Existing BC Sets in the next screen

Page 49: Grc 10 training

www.keylabstraining.com

ACTIVATING BC SETS Select a BC SetClick “BC Sets for Activity”

Page 50: Grc 10 training

www.keylabstraining.com

ACTIVATING BC SETS From the menu choose Goto >Activation TransactionThese BC sets can also be activated via transaction code SCPR20

Page 51: Grc 10 training

www.keylabstraining.com

ACTIVATING BC SETS Activate the corresponding BC sets.Proceed likewise for all required PC, RM, and/or AC BC setsFor a complete list of BC Sets please refer to the PC/RM/AC install guide!

NOTE:BELOW EXAMPLE IS FOR ACTIVATION ON TIME FRQUENCY FOR GRCPC:PROCESS CONTROL.

Page 52: Grc 10 training

www.keylabstraining.com

ACTIVATING BC SETS When activating always use “Expert” mode

Page 53: Grc 10 training

www.keylabstraining.com

CREATING THE INITIAL USER IN THE ABAP SYSTEM

Call transaction SU01, create a userAssign following role to access GRC applications, such as AC•SAP_GRC_FN_BASE

Assign following power user role to the person doing the customization of the product•SAP_GRC_FN_ALL

Assign following role to the business users•SAP_GRC_FN_BUSINESS_USER

Assign following role if you use NWBC as front end UI instead of Portal•SAP_GRC_NWBC

Page 54: Grc 10 training

www.keylabstraining.com

ACTIVATE PROFILE OF ROLES DELIVERED BY SAP

•Activate profile of roles delivered by SAP via transaction PFCG if you want to use them directly•For the list of the roles, please refer to Security Guide -here is an example of the SAP-GRC-NWBC role•Please use transaction “SUPC” for mass profile generation in case you want to generate profiles for multiple roles

Page 55: Grc 10 training

www.keylabstraining.com

ACTIVATE COMMON WORKFLOW

Call transaction SPROagainClick SAP Reference IMGAccess Workflow node under Governance, Risk and Compliance > General SettingsExecute Perform Automatic Workflow Customizing

Page 56: Grc 10 training

www.keylabstraining.com

ACTIVATE COMMON WORKFLOW PERFORM AUTOMATIC WORKFLOW CUSTOMIZING

Execute Perform Automatic Workflow CustomizingMake sure that all tasks are green after the generation as show in the screenshotNote: you may have to create a transport requestDuring the activation procedure you might receive an error message, then check the created system user „WF-BATCH“ in SU01 if the user has sufficient roles assigned –see SAP Note 1251255and the GRC Security Guide.You may need to run program RHSOBJCH to fix HR control tables

Page 57: Grc 10 training

www.keylabstraining.com

ACTIVATE COMMON WORKFLOW PERFORM AUTOMATIC WORKFLOW CUSTOMIZING

Maintain the Prefix Numbers to your needs or like shown in the screenshot

Page 58: Grc 10 training

www.keylabstraining.com

ACTIVATE COMMON WORKFLOWPERFORM TASK-SPECIFIC CUSTOMIZING

Execute PerformTask-Specific CustomizingExpand the GRCnode.Click the Assign Agents link at the right side of the GRCnode.

Note: if no folders are visible below the “GRC“ folder please run report “RS_APPL_REFRESH” in SE38

Page 59: Grc 10 training

www.keylabstraining.com

ACTIVATE COMMON WORKFLOWPERFORM TASK-SPECIFIC CUSTOMIZING

Assign Task as General Task via Task Attribute.Make sure all tasks that are not using Background task have been assigned as General Task.

Page 60: Grc 10 training

www.keylabstraining.com

ACTIVATE COMMON WORKFLOWPERFORM TASK-SPECIFIC CUSTOMIZING

Click Activate event linking

Page 61: Grc 10 training

www.keylabstraining.com

ACTIVATE COMMON WORKFLOWPERFORM TASK-SPECIFIC CUSTOMIZING

Click the Properties iconSet the Linkage Status to No errors Make sure Event linkage activated is checked.Set Error feedback to Do not change linkageBe sure to activate all WS.

Page 62: Grc 10 training

www.keylabstraining.com

ACTIVATE COMMON WORKFLOWPERFORM TASK-SPECIFIC CUSTOMIZING

Repeat the first four steps to activate the solutions you need (e.g. for Access Control “GRC-AC”)

Note: task-specific customizing for GRC-AC is notavailable in case you have the GRC plug-ins installed in your GRC system, check the Appendix for perfomingthe customizing in this case

Page 63: Grc 10 training

www.keylabstraining.com

POST-INSTALLATION TO FIRST EMERGENCY ACCESS

•RequirementsoAdding connector to SUPMG scenariooCreating users and assigning rolesoVerifying time zones•ConfigurationoMaintaining AC ownersoAssigning owners to firefighter IDsoAssigning firefighter IDs and controllers to firefightersoCreating reasons codes•Starting an emergency access session•Managing LogsoRunning log collectionoViewing the firefighter reports

Page 64: Grc 10 training

www.keylabstraining.com

MAINTAIN CONFIGURATION SETTINGS

Page 65: Grc 10 training

www.keylabstraining.com

ADDING CONNECTOR TO SUPMG SCENARIO

To create access requests it is required to have the SUPMG scenario linked to the connector, this is done via IMG:

Page 66: Grc 10 training

www.keylabstraining.com

CREATING USERS AND ASSIGNING ROLES

Please create users and roles as needed. Remember to synchronize again the repository (program GRAC_REPOSITORY_OBJECT_SYNC ). These roles are provided as examples and customer roles need to be created based on their authorizations.In the AC systemRole

Firefighter userSAP_GRAC_SUPER_USER_MGMT_USERFirefightercontrollerSAP_GRAC_SUPER_USER_MGMT_CNTLRFirefighterownerSAP_GRAC_SUPER_USER_MGMT_OWNERIn the target systemRole

Firefighter IDSAP_GRAC_SPM_FFIDIn the AC system the Firefighter ID role is configured in ParamID 4010 (Firefighter ID role name)Reminder: end users will require also the roles based on SAP_GRC_FN_BASEand SAP_GRC_FN_BUSINESS_USER

Page 67: Grc 10 training

www.keylabstraining.com

VERIFYING TIME ZONESFor logs to be properly captured the time zones in the connected ERP systems need to be configured to match the operating system and also the AC server time zone. This is done in IMG under SAP NetWeaverGeneral Settings Time Zones Maintain System Settings

Page 68: Grc 10 training

www.keylabstraining.com

CONFIGURATIONMaintaining AC ownersAssigning owners to firefighter IDsAssigning firefighter IDs and controllers to firefightersCreating reasons codes

Page 69: Grc 10 training

www.keylabstraining.com

MAINTAINING AC OWNERSGo to NWBC Access Management GRC Role Assignments Access Control Owners and maintain the controllers and owners as shown below:

After this is done it is possible to assign those to FireFighterIDs.

Page 70: Grc 10 training

www.keylabstraining.com

ASSIGNING OWNERS TO FIREFIGHTER IDS

In Access Management go to SuperuserAssignment and click on Owners. Here owners are assigned to firefighter IDs.

Page 71: Grc 10 training

www.keylabstraining.com

ASSIGNING FIREFIGHTER IDS AND CONTROLLERS TO FIREFIGHTERS

Now you need to assign firefighter IDs and controllers to users. This is done by going to SuperuserAssignment Firefighter IDs

Note: Multiple firefighter users and controllers can be assigned to a multiple firefighter ID.

Page 72: Grc 10 training

www.keylabstraining.com

CREATING REASONS CODESThe reason codes available for firefighter users are maintained under Superuser Maintenance Reason Codes

Page 73: Grc 10 training

STARTING EMERGENCY ACCESS

www.keylabstraining.com

Starting a firefighter session

Login to the AC system using the firefighter user and launch transaction GRAC_SPMYou will be able to connect to the target system using the firefighter IDs previously assigned

Page 74: Grc 10 training

www.keylabstraining.com

MANAGING LOGS

Running Log CollectionViewing the firefighter reports

Running log collectionForeground mode

The foreground job for log collection can be executed from the “Update Firefighter Log Button” which can be found in the following path:Reports And Analytics Super User Management Reports Consolidated Log Report

Page 75: Grc 10 training

www.keylabstraining.com

RUNNING LOG COLLECTIONBACKGROUND MODE

The Background Job for Log Collection can be scheduled periodically from SM36 using program GRAC_SPM_LOG_SYNC_UPDATE.

Page 76: Grc 10 training

www.keylabstraining.com

THANK [email protected]. KEYLABSTRAINING.COM